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(54) Abstract Title: A device for authenticating data communications over a network using a Smart or SIM card

(57) A device or "dongle" (30) for controlling communications
between a Subscriber Identity Module (or SIM) (12), such 
as of the type used in a GSM cellular telephone system, 
and a computer, such as a Windows-based PC (10). The 
SIM (12) can be authenticated by the telephone network, 
in the same way as for authenticating SIMs of telephone 
handset users in the network, and can in this way 
authenticate the user of the PC (10) or the PC (10) itself. 
Such authentication can, for example, permit use of the PC 
(10) for a time-limited session in relation to a particular 
application which is released to the PC (10) after the 
authentication is satisfactorily completed. The application 
may be released to the PC (10) by a third party after and in 
response to the satisfactory completion of the 
authentication process. A charge for the session can be 
debited to the user by the telecommunications network 
and then passed on to the third party. The dongle (30) 
provides additional security for the authentication data 
stored on the SIM by requiring a PIN to be entered and/or 
by only being responsive to requests received from the PC 
(10) which are encrypted using a key, which requests are 
generated by a special PC interface driver (38). The PIN 
may be stored only temporarily. The dongle (30) has an 
electrical connector (34), and means may be provided for 
selectively rendering the connector (34) available for 
coupling to the PC (10).
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processing apparatus, the device including first coupling means for operative coupling to 
authentication storage means storing predetermined information relating to the 
authentication of a transaction with the data processing apparatus; second coupling means 
for operative coupling to the data processing apparatus; and configuration means for
selectively rendering the second coupling means available for coupling to the data 
processing apparatus, the device when operatively coupled to the data processing 
apparatus being responsive to an authentication process carried out via a communications 
link for authenticating the transaction, the authentication process involving the use of the
predetermined configuration information. 

Devices for connection to data processing apparatus (such as a personal computer) 
embodying the invention, will now be described, by way of example only, with reference 
to the accompanying diagrammatic drawings in which: 

Figure 1 is a block diagram for explaining the operation of the method in relation to the
data processing apparatus;

Figure 2 is a flow chart for use in the understanding of the block diagram of Figure 1;
Figure 3 is a block diagram corresponding to Figure 1 in which a "dongle" is used; and 



Figure 4 is a perspective view of one configuration of a dongle; 
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Figure 7B shows a side view of the dongle of Figure 7A;

Figure 7C shows a front view corresponding to Figure 7A but with the dongle connector 
extended; 

Figure 7D shows a side view corresponding to Figure 7B but with the dongle connector 
extended; 

Figure 8A shows a front view of a fifth configuration of a dongle; 
Figure 8B shows a side view of the dongle of Figure 8A; and 



Figure 8C shows how the electrical connector emerges from the casing of the dongle.



In the figures like elements are generally designated with the same reference numbers. 

There exist many instances when a transaction involving the use of data processing 
apparatus requires authentication. For example, the data processing apparatus may be 
required to carry out a transaction, such as the exchange of information, with a third party, 
such as a remote third party with which the communication must be made over a 
telecommunications link (including via the Internet). The third party may require that the
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human user: the data processing apparatus may be required to operate automatically (for 
example, intermittently operating in an information-gathering or monitoring role, and
reporting the results to a third party). In such cases, it may also be necessary for the data
processing apparatus to authenticate itself to the satisfaction of the third party. 

As described in our co-pending patent application No. GB 0224228.7, the data processing 
apparatus is provided with, or associated with, means (authentication storage means) for
storing predetermined authentication information for authenticating that apparatus or a
particular user thereof. In one embodiment, the means for storing the predetermined
information is removable and can thus be taken by the user and inserted into any data 
processing apparatus (or computer) which is adapted to receive it, so as to enable that user 
to be authenticated in respect to a transaction to be carried out by that user with that 
computer. Advantageously, in such a case the means for storing the predetermined 
information is in the form of a smart card. 

In a more specific example, the smart card is a Subscriber Identity Module or SIM of the 
type used in and for authenticating the use of handsets in a cellular telecommunications 
network. Such a network will store details of its users' (subscribers') SIMs. In operation 
of the network, a user's handset is authenticated (for example, when the user activates the
handset on the network with a view to making or receiving calls) by sending a challenge 
to the handset incorporating that SIM, in response to which the SIM calculates a reply 
(dependent on the predetermined information held on the SIM) and transmits it back to 
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It may be desirable to be able to change the authentication information on the SIM (or 
simulated SIM) to take account of changed circumstances. For example, the SIM may be 
a SIM registered with a particular cellular telecommunications network - a network 
applicable to the country or region where the data processing apparatus or computer is to
be used. However, circumstances may arise (for example, the apparatus or the computer
is physically moved to a different country or region) in which it is desirable or necessary
to re-register the SIM with a different cellular telecommunications network. Ways in
which this can be done are disclosed in our co-pending United Kingdom patent
applications Nos. 0118406.8, 0122712.3 and 0130790.9 and in our corresponding PCT
applications Nos. GB02/003265 and GB02/003260. As described therein in more detail, a
SIM (and thus also a simulated SIM) may be initially provided with authentication (and 
other) information relating to each of a plurality of networks, the information respective 
to the different networks being selectively activatable. 

It is not necessary, however, for the users to be subscribers to a telecommunications 
network. Instead, they could be subscribers registered with some other centralised system 
which could then carry out the authentication process in the same way as in a 
telecommunications network. In such a case, the registration of a SIM (or simulated SIM) 
could be transferred from one such centralised system to another in the same manner as 
described above. 



As described above, an aim of the authentication process is to facilitate a 
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removably fitted to the PC, for use in identifying a user (that is, the holder of the SIM) or 
may be fixed within the PC (for identifying the PC itself). The PC 10 incorporates 
transaction management software 14 which interacts with and controls some of the 
functions of the SIM. 

Also shown in Figure 1 is a cellular telephone network 16, such as the Vodafone (trade 
mark) network, and it is assumed that the SIM 12 is registered with the network 16. 

The operation of the system shown in Figure 1 will be explained in relation to the flow 
chart of Figure 2. 

At step A, the user of the PC 10 requests use of a particular application 17 on the PC. For 
example, the user might wish to view web pages containing specialised information which 
are encrypted and thus not generally available. In order to do this, the user requests a 
"session key" - that is, permission to carry out a transaction involving time-limited use of
the particular application. The request for the session key is addressed to the transaction
manager 14. The transaction manager 14 then transmits identification information
derived from the SIM 12 (an "I am here" message) to the security services part 18 of the
network 16 (step B). In response to the "I am here" message, the network transmits a 
random challenge (step C) to the transaction manager 14, this challenge being based on 
information known to the network about the SIM 12. 
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In an alternative arrangement, a data carrier may be provided with means for storing 
predetermined information such as in one of the forms described above - that is, a SIM or 
(more probably) software simulating a SIM. The simulated SIM is associated with data 
stored on the data carrier. The data carrier may, for example, be a DVD or CD ROM or 
some other similar data carrier, and the data thereon may be software or a suite of 
software. 

The simulated SIM may be used to identify and authenticate the data (such as the 
software) on the data carrier. The simulated SIM will be registered with a 
telecommunications network or some other centralised system, in the same manner as 
described above. When the data carrier is placed in data processing apparatus such as a 
computer, for use therein, the SIM would be used to identify and authenticate the data 
carrier and the data stored thereon and (for example) could then permit the software to be 
downloaded for use in the computer. In this way, the SIM could be used subsequently to 
block further use of the software (for example, in another computer), or to allow the data
to be used for only a predetermined number of times (whether in the same or in a different 
computer). If, for example, the data carrier (with its SIM) is placed in a computer which 
has also received a particular user's SIM then (a) the SIM on the data carrier can be used 
to identify and authenticate the software and (b) the SIM in or associated with the 
computer can be used to authenticate the user and could subsequently be used to enable a 
charge to be debited to that user as payment for use of the software. 
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via a PC 10. If desired, the telecommunications network will include a record indicating 
that the SIM within the user's mobile handset and the SIM within the user's dongle are 
commonly owned, and this information may be used to conveniently provide the user with
a single account of charges incurred in respect of use of both the SIMs. 

The dongle 30 is provided with a dongle interface driver 36 which controls 
communication with the PC 10. All communications from the PC 10 are routed via the
dongle interface driver 36 and data stored on the SIM 12 cannot be accessed other than by 
using the dongle interface driver 36. A corresponding PC interface driver 38 is provided 
for the PC 10. The PC interface driver 38 may, for example, comprise a series of 
commands in the form of a computer programme which is loaded onto and run by the PC 
10. The PC interface driver 38 may, for example, be provided by or under the control of 
the network 16. The PC interface driver 38 will therefore be "trusted" by the network 16
and will be configured to only allow access to the dongle 30 and consequently the SIM 12 
in an approved manner which will not allow the security information present on the SIM 
12 to be compromised. 

To prevent, or to reduce, the likelihood of the PC interface driver 38 being replaced or 
bypassed by an alternative driver, which could compromise the security of the data on the 
SIM 12, the PC interface driver 38 and the dongle interface driver 36 are provided with 
respective shared secret keys 40, 42. Each communication from the PC interface driver 
38 to the dongle 30 is encrypted using the shared secret key 40. All communications from
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One face of the housing 32 has a variety of push buttons 46 mounted thereon, ten of 
which have respective numerals from 0 to 9 displayed thereon. In this embodiment, the 
dongle 30 includes means (such as software) for receiving the entry of a PIN number from 
a user by operating the appropriately designated push buttons 46 which is compared to the 
PIN number provided for and stored on the SIM 12. The SIMs used in the GSM 
telecommunications network are conventionally provided with such a PIN. 

The housing 32 may further optionally provide a display 48 for prompting the user to 
enter their PIN number and/or for displaying the PIN number as it is entered, if desired. 
On entry of the PIN number using the push buttons 46, the entered PIN number is 
compared to the PIN number stored on the SIM. If the PINs are found to match, 
communication between the SIM and the PC 10 is permitted to authorise one or more
transactions. The comparison between the entered PIN number and the PIN number
stored on the SIM 12 is performed within the dongle 30, and neither the entered PIN
number nor the PIN number stored on the SIM is communicated to the PC 10. This
prevents or reduces the likelihood that the PINs will become compromised by disclosure 
to an authorised party. 

The PIN entry comparison arrangement of Figure 4 may be provided in addition to or as 
an alternative to the interface drivers 36, 38 and shared secret keys 40, 42 of the
arrangement shown in Figure 3. 
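
The two protections described above (requests accepted only from a driver holding the shared secret key, and a PIN compared inside the dongle and never passed to the PC) can be modelled together as follows. This is an added illustration, not code from the patent: HMAC-SHA256 stands in for both the unspecified encryption between the drivers and the SIM's response calculation, and the retry limit, the one-transaction-per-PIN-entry rule, and all keys and PINs are constructed assumptions.

```python
import hashlib
import hmac
import secrets

def mac(key: bytes, msg: bytes) -> bytes:
    """HMAC-SHA256, used here as a stand-in for the page's unspecified algorithms."""
    return hmac.new(key, msg, hashlib.sha256).digest()

class Dongle:
    """Model of dongle 30 holding SIM 12 and the dongle-side shared key 42."""
    MAX_PIN_TRIES = 3  # assumed retry limit; the page does not state one

    def __init__(self, sim_secret: bytes, sim_pin: str, driver_key: bytes):
        self._sim_secret = sim_secret    # predetermined information on the SIM
        self._sim_pin = sim_pin          # PIN stored on the SIM
        self._driver_key = driver_key    # shared secret key 42
        self._tries_left = self.MAX_PIN_TRIES
        self._unlocked = False

    def enter_pin(self, digits: str) -> bool:
        """PIN typed on the dongle's own buttons; compared inside the dongle."""
        if self._tries_left == 0:
            return False                 # locked out after repeated failures
        if hmac.compare_digest(digits.encode(), self._sim_pin.encode()):
            self._tries_left = self.MAX_PIN_TRIES
            self._unlocked = True
            return True
        self._tries_left -= 1
        self._unlocked = False
        return False

    def handle_request(self, challenge: bytes, tag: bytes):
        """Return the SIM's response, or None when the request is refused."""
        if not hmac.compare_digest(mac(self._driver_key, challenge), tag):
            return None                  # request not produced with the shared key
        if not self._unlocked:
            return None                  # no valid PIN entered on the dongle
        self._unlocked = False           # assumption: one transaction per PIN entry
        return mac(self._sim_secret, challenge)

class PCInterfaceDriver:
    """Model of PC interface driver 38 holding the PC-side shared key 40."""
    def __init__(self, driver_key: bytes, dongle: Dongle):
        self._driver_key = driver_key
        self._dongle = dongle

    def forward(self, challenge: bytes):
        # The PC only ever sees the challenge and the response, never the PIN.
        return self._dongle.handle_request(challenge, mac(self._driver_key, challenge))

class Network:
    """Model of network 16, which knows the SIM's predetermined information."""
    def __init__(self, sim_secret: bytes):
        self._sim_secret = sim_secret
        self._pending = None

    def new_challenge(self) -> bytes:
        self._pending = secrets.token_bytes(16)
        return self._pending

    def verify(self, response) -> bool:
        challenge, self._pending = self._pending, None   # each challenge is single-use
        if challenge is None or response is None:
            return False
        return hmac.compare_digest(mac(self._sim_secret, challenge), response)

def run_session(pc_driver_key: bytes, pin_typed: str) -> bool:
    """One authentication attempt with constructed secrets; True if the network accepts."""
    sim_secret = b"constructed-sim-secret"
    dongle = Dongle(sim_secret, "4821", b"constructed-driver-key")
    network = Network(sim_secret)
    driver = PCInterfaceDriver(pc_driver_key, dongle)
    dongle.enter_pin(pin_typed)
    return network.verify(driver.forward(network.new_challenge()))

if __name__ == "__main__":
    print("trusted driver, correct PIN:", run_session(b"constructed-driver-key", "4821"))
    print("replaced driver, correct PIN:", run_session(b"some-other-key", "4821"))
    print("trusted driver, wrong PIN:", run_session(b"constructed-driver-key", "0000"))
```
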
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than PCs. For example, a user having an account with network 16 and being provided 
with a dongle 30 can insert the connector 34 into an appropriately configured slot in a 
parking meter which is connectable to the network 16. The SIM 12 contained within the 
dongle 30 is authenticated in the manner described above using a transaction manager 
provided within the parking meter. By this means, payment for parking can be made by 
deducting an appropriate amount from the user's account with the network 16. 
Advantageously, the dongle 30 will be provided with push buttons 46 and the dongle will 
prompt the user to enter a PIN which is compared to the PIN stored on the SIM so that the 
dongle 30 cannot be used by an unauthorised party. The dongle could be programmed to 
allow the push buttons 46, under control of the parking meter, to allow entry of data 
relevant to the transaction - for example, the length of time for which the parking space is 
required. 

The dongle 30 could, for example, also be used in a similar way with an appropriately 
configured DVD player to allow a film to be viewed on payment of a fee deducted from 
the user's account with the network 16. 

Figures 5A to 5D show a second configuration of a dongle indicated generally at 50. The
dongle 50 does not include a display or push buttons. The dongle 50 is of generally 
elliptical cross-section and includes a generally rectangular aperture 52 formed in the top 
end thereof that allows an electrical connector 54 of generally rectangular cross-section to 
emerge therefrom. The aperture 52 is closed by a closure member 56 which is generally 
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within the casing of the dongle 70, and a second position, shown in Figures 6C and 6D, 
where the connector 54 is shown extending from the casing of dongle 70. However, in 
the third configuration, the linear movement of the electrical connector 54 in the direction 
of arrow 68 is provided by rotating knob 72 with respect to the casing of dongle 70 as 
shown by arrow 74. Rotation of the knob 72 in a first direction causes the connector 54 to 
emerge from the casing of dongle 70, and rotation in the opposite direction causes the 
connector 54 to be retracted within the casing of the dongle 70. Any suitable mechanism 
for converting the rotary motion of the knob 72 into linear motion of the connector 54 
may be provided. For example, a mechanism described in U.S. Patent No. 5813421 
(which is incorporated herein by reference) for a lipstick swivel mechanism may be 
employed. Other suitable mechanisms will be known to those skilled in the relevant art. 

The dongle 70 includes a display 48 for prompting the user to enter their PIN number 
and/or for displaying the PIN number as it is entered. The dongle 70, rather than having a 
series of push buttons (such as a numerical key pad) comprises a data entry knob 76 
which is mounted to the dongle for rotation as shown by arrow 78 and also for linear 
motion with respect to the dongle as shown by arrow 80. Each digit of the PIN number is 
input by the user grasping the knob 76 and pulling it in a direction away from the casing 
of the dongle 70 (in the direction of arrow 80). An indication, such as a flashing cursor 
then appears on the display 48 indicating that the first digit of the PIN number is 
expected. The number is input by rotation of the knob 76 (arrow 78), the displayed 
number increasing in value with further rotation of the knob 76. When the required
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the power from the piezo electric cell 82. 



Figures 7A to 7D show a fourth configuration of dongle 90. In this embodiment the 
dongle 90 comprises a main body part 92 to which the electrical connector 54 is attached 
in a fixed position, and a removable protective cap 94 which, when in position, covers the 
main body 92 and the connector 54 to protect those components and to provide the dongle 
90 with an attractive external appearance. 

At the top end of the main body 92 an annular knob 96 is mounted to the body 92 for 
rotation with respect to the body 92, as shown by arrow 98. The knob 96 includes a series 
of markings 100 visible to the user of the dongle 90 - for example, each mark 100 
indicating a different digit from 0 to 9. A marking 102 is provided at the top of the casing 
92. In this embodiment, the first digit of the user's PIN number is entered by rotating the 
knob 96 until the correct digit of the PIN number (indicated at 100) is aligned with the 
mark 102. When the relevant digit and the mark 102 are aligned, the user stops rotation 
of the knob 96. When movement of the knob 96 stops, the position of the knob 96 is
recorded by the dongle 90 so that the digit of the PIN number can be detected. The next 
digit of the PIN number is entered by rotating the knob 96 in an anti-clockwise direction 
(opposite to arrow 98) until the relevant digit of the PIN number is aligned with marking 
102. Again, when the rotation of the knob stops, the position of the knob is recorded so 
that the PIN number can be recorded by the dongle 90. The next digit of the PIN number 
is entered by clockwise rotation of the knob 96, and so on, until all of the digits of the PIN 
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respect to the casing 112 are shown by the ghost lines in Figure 8C.



When the sliding part 122 reaches its maximum travel in the direction of arrow 124, the 
coupling part 116 is rotated 180° with respect to the casing 112. The coupling portion
116 is returned to the position shown in Figures 8A and 8B by sliding the sliding part
122 in the direction opposite to arrow 124. When the coupling part 116 is in the position
shown in Figures 8A and 8B, the connector 54 is protected by the sliding part 122. 

The embodiments shown in Figures 5, 6, 7 and 8 provide various means by which the
electrical connector 54 can be concealed and protected when not required. 

In the Figure 6 embodiment the power source of the dongle is piezo electric cell 82. 

A similar power source may be provided in the dongles illustrated in Figures 5, 7 and 8,
with power being generated by movement of the closure member 56 of the dongle 50 of
Figure 5, the movement of the knob 96 of the dongle 90 of Figure 7, or movement of the
sliding part 122 of Figure 8. Alternatively, or additionally, these dongles may include a
replaceable battery or a rechargeable battery which is recharged when the dongle
50, 80, 90, 110 is connected to the PC 10.



Whilst the dongles described include an electrical connector 54 which is shown as a USB 
connector, it should be appreciated that any other suitable type of electrical connector 
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CLAIMS 



1. A device for connection to a data processing apparatus, the device including first
coupling means for operative coupling to authentication storage means storing 
predetermined information relating to the authentication of a transaction with the data 
processing apparatus; second coupling means for operative coupling to the data 
processing apparatus, the device when operatively coupled to the data processing 
apparatus being responsive to an authentication process carried out via a communications 
link for authenticating the transaction, the authentication process involving the use of the 
predetermined information; security data entry means for obtaining security data 
independently of the data processing apparatus; and means for storing the security data
temporarily. 

2. The device of claim 1, wherein the security data is stored temporarily by means of
a transient power source. 

3. The device of claim 2, wherein the transient power source comprises piezo electric 
means. 



4. The device of claim 3, wherein the piezo electric means comprises one or more 
piezo electric cells. 
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10. The device of claim 9, wherein the configuration means comprises a removable 
cap. 

11. The device of claim 9, wherein the configuration means comprises a closure 
member coupled to and moveable with respect to the housing for selectively closing an 
aperture in the housing.

12. The device of claim 11, comprising interconnection means for connecting the
closure member and the second coupling means, the arrangement being such that, as the 
closure member is moved to open the aperture, the second coupling means emerges from 
the aperture. 

13. The device of claim 8, comprising a knob mounted on the device housing for 
rotation with respect thereto, and means for converting rotation of said knob into linear
movement of the second coupling means such that rotation of said knob in a first direction 
causes the second coupling means to emerge from an aperture in the device housing and 
rotation of said knob in a second direction causes the second coupling means to be 
retracted through said aperture. 

14. The device of claim 9, wherein the device housing includes two parts moveable 
with respect to one another between a first arrangement where the second coupling means 
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21. The device of any one of claims 1 to 7 and 16 to 20, wherein the security data 
comprise a Personal Identification Number (PIN) and analysing means compares the PIN 
obtained by the security data means with a PIN stored on the authentication storage means 
and only allows access to the predetermined information when the respective PINs match. 

22. The device of any one of the preceding claims, comprising a display for displaying 
security information. 

23. The device of any one of the preceding claims, comprising a data processing 
module for controlling the communication with the data processing apparatus. 

24. The device of claim 23, wherein the data processing module of the device is 
configured for communicating with a corresponding data processing module of the data 
processing apparatus. 

25. The device of claim 24, wherein communication between the authentication 
storage means and the data processing apparatus is performed via the respective data 
processing modules. 

26. The device of claim 23, 24 or 25, wherein the data processing module of the device
includes means for decrypting encrypted data received from the data processing module 
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32. The device of claim 31, in which each user is authenticated in the 
telecommunications system by means of the use of a smart card or subscriber identity 
module (e.g. SIM), and in which the authentication storage means respective to that user 
corresponds to or simulates the smart card for that user. 

33. The device of any one of claims 1 to 32, in which the transaction is a transaction
involving use of the data processing functions of the data processing apparatus. 

34. The device of any one of claims 1 to 33, in which the authentication storage means 
is specific to that device.

35. The device of any one of claims 1 to 34, in which the authentication process 
involves the sending of a message and the generation of a response dependent on the 
message and the predetermined information. 

36. The device of any one of claims 30 to 35, wherein the telecommunications system 
includes means for levying a charge for the transaction when authorised. 



37. The device for any one of claims 1 to 7, 16 and 17, wherein the security data entry
means comprises a rotary knob. 
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